5 matches found
CVE-2026-12888
An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...
CVE-2026-35622
OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on principals to execut...
CVE-2026-35622
OpenClaw (npm package) before 2026.3.22 contains an improper authentication verification in Google Chat app-url webhook handling, allowing attackers to bypass webhook authentication by supplying non-deployment add-on principals and perform unauthorized actions through the Google Chat integration....
CVE-2026-35622
OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on principals to execut...
CVE-2026-35622 OpenClaw < 2026.3.22 - Improper Authentication Verification in Google Chat Webhook
OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on principals to execut...